Basic ASA Lan2Lan VPN Example

February 27, 2012

Or – ASA Lan2Lan-VPN for dummies. I often get questions related to Lan2Lan-tunnels in ASA. This post serves as a cheat-sheet for different software versions.

Pix v6.x

    isakmp enable outside
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 [...]


Cisco ISE Profiler in action

February 20, 2012

I am a huge fan of Cisco ISE and Trustsec. I have done a few live implementations as well as at home (anyone should run Trustsec at home!). There will probably be a lot of ISE-related posts here in the near future. Here I just want to reflect on how well the built-in [...]


Cisco Live 2012 in London – short resume of my sessions

February 10, 2012

I just returned home after spending almost a week in London attending Cisco Live. Much can be said about the event and many have already summarized their experience, so the plan for this blog post is to make a short resumé of the sessions I attended. Many were great, most were good but a few [...]


Quick note: Inactive Anyconnect sessions not removed.

February 6, 2012

I recently had a TAC-case regarding a Cisco ASA 5510-firewall with Anyconnect-clients which had issues with VPN-clients not being able to connect due to “no address available”. It turned out that the “show vpn-sessiondb anyconnect”-command showed 50+ anyconnect-sessions that were over one month old! Like this:

    sh vpn-sessiondb anyconnect
    Session Type: AnyConnect
    Username : [...]


Cisco Ironport WSA – what happened?

January 30, 2012

I have recently implemented a few Cisco Ironport WSA-solutions. When doing a follow-up after the implementation, the customer usually reacts with “Oh… WSA? We forgot about that. It probably works…” But what difference does it make? If the customer forgets about their web proxy, what good does it do? Let's have a look at an [...]


How to play case status table-tennis with Cisco TAC

January 26, 2012

The problem: Have you ever had an open TAC case with Cisco, just waiting for them to provide either a solution or some other kind of feedback, and all that happens is that the TAC engineer sends you an email telling you that they “have work in progress” or something else not-making-the-case-evolve? If so, I [...]


Happy new year – Again! :-)

January 24, 2012

When purging and cleaning ancient posts I found this post where I wished everyone a Happy New 2011. And I felt that it was time for an update. So, what happened during 2011 – did I become a Cisco CCIE Security? The short answer is: No. In February 2011 my written CCIE Security exam [...]


RSS-feeds with partial content sucks!

January 22, 2012

I am a fan of RSS readers. I use Google Reader all the time to keep track of interesting blog and news sites. Actually, I rarely visit blog sites directly, just from my RSS reader. And I love it. But there are a few really good blogs that are configured not to post the full [...]


ISE host name and AD joining

January 21, 2012

Recently we tried to join a Cisco ISE instance to Active Directory without success. The problem seemed to be because of the length of the ISE host name. Even though the system supports host names up to 19 characters long, we couldn’t add the ISE to AD until we shortened the name to be maximum [...]


Stuck with an auth-proxy task

January 3, 2012

Hello, I am currently working on a task (INE CCIE Security WB 1 Task 2.9) where I am supposed to configure a radius-based IOS auth-proxy. The task is this: Configure Authentication Proxy settings on R3 per the following requirements. Use the radius server at 10.0.0.100 with the authentication key CISCO. The authentication proxy should [...]
